Bug 772479

Summary: unable to su - to a user that has a SSH-key when pam_ssh is in use
Product: [openSUSE] openSUSE 12.2 Reporter: Christoph Obexer <cobexer>
Component: BasesystemAssignee: Vítězslav Čížek <vcizek>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: vcizek
Version: RC 1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Christoph Obexer 2012-07-20 18:11:57 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1

I am unable to su - to a user that has an SSH key with a pass-phrase that is different from the account password
(su - to an account that has a SSH key whose pass-phrase is identical to the account password works, su - to root where there is no SSH key also works)

#/etc/pam.d/common-auth-pc contains this line for pam_ssh:
auth    optional        pam_ssh.so      nullok

Reproducible: Always

Steps to Reproduce:
1. use pam_ssh
2. have a user that has an SSH key with pass-phrase different than the account password
3. normal users are unable to su - to them, only root can do that
Actual Results:  
~> LANG=C su - amarok-devel 
Password: 
SSH passphrase: 
su: : Unknown error -2016755760
the error is different every time
Comment 1 Vítězslav Čížek 2012-08-04 20:03:26 UTC 
Take a look at bug #730851.

This looks like a problem with your pam settings.
pam_unix2 module takes the password passed from previous module,
so your ssh passphrase gets passed to pam_unix2 and the su fails.

I suggest not to use pam_ssh as auth module.
Try changing "auth" to "session" for pam_ssh in your settings.
Comment 2 Vítězslav Čížek 2012-08-08 12:27:53 UTC 
A duplicate of bug 730851.

*** This bug has been marked as a duplicate of bug 730851 ***